InfoSec Handlers Diary Blog

We've had some reports of some targeted emails from "The White House".

Emails typically look as follows:

As you and your families gather to celebrate the holidays, we wanted to take a moment to send you our greetings. Be sure that we're profoundly grateful for your dedication to duty and wish you inspiration and success in fulfillment of our core mission.

Greeting card:

http://yyyyyyyyyy.com/card/
http://xxxxxxxxxx.com/card/

Merry Christmas!
___________________________________________
Executive Office of the President of the United States
The White House
1600 Pennsylvania Avenue NW
Washington, DC 20500

The email links to an .exe file, which in turn downloads what looks like a key logger, typically associated with ZBOT. Currently these samples are barely detected by AV, but that should improve.

If you receive some of these I'd be interested in the URL as well as the headers of the message.

Here in AU there was an AV scam that did the rounds earlier this year. You would receive a phone call, and someone stating they were from Microsoft support would inform you that your system had been infected with a virus and that they were there to help you clean it up. They would direct you to a web site and encourage you to select one of their support packages, the cheapest being $94 for one year and upwards from there. The calls I received were using caller ID spoofing, so I assume they were using compromised VoIP systems (plenty of those around). I'm guessing that, because someone is doing it again, the scam is worthwhile.

Anyway, Chris (thanks) mentioned that they seem to be active again in the US and, based on the web site, also in the UK. In this call they represented themselves as Microsoft and said they needed immediate access to the machine to help fix the problem.

Seeing as many of you may be spending time with less IT-savvy people in the next few days, maybe mention this so they don't fall for it. I know a few elderly people who have now repeatedly purchased a fake service like the one these callers offer.

OK, fess up: who asked for an IE 0-day for Christmas? I'm guessing Santa got his lumps of coal mixed up with a bag of exploits.

This exploit has been discussed over the last day or so on Full Disclosure and a number of other sites. Metasploit already has a module available for it (just search for CSS & IE). Microsoft has put out advisory 2488013 regarding the issue (http://www.microsoft.com/technet/security/advisory/2488013.mspx). The issue manifests itself when a specially crafted web page is viewed and could result in remote code execution on the client.

Microsoft suggests using the Enhanced Mitigation Experience Toolkit (EMET) to help address the issue. Details on that, and a little bit more on the exploit, can be found here: http://blogs.technet.com/b/srd/archive/2010/12/22/new-internet-explorer-vulnerability-affecting-all-versions-of-ie.aspx

Have you ever seen the classic video "A Charlie Brown Christmas," and pondered why Charlie Brown is so upset at the start of the video? Also, have you ever wondered why the rest of the Peanuts gang is so focused on the materialism of the Christmas season? Well, this year's hacking challenge answers these questions. In our tale, you'll discover that something happened before the start of the Charlie Brown Christmas video that put these characters into such a state. That something is what we like to call...

The Nightmare Before Charlie Brown's Christmas

These challenges, which are an annual tradition here at EthicalHacker.net, are designed to help people develop their skills, show off their abilities, and have some fun. During past holiday seasons, you got to tangle with the Grinch, Rudolph, that Messy Marvin kid, Frosty, and even Santa himself. And who can forget last year's Miracle on Thirty-Hack Street. Read this challenge, answer the questions, and send your responses in by January 3, 2011. We'll choose three winners, each of whom will get an autographed copy of my Counter Hack Reloaded book. One prize will go to the best technical answer, another to the most creative answer that is technically correct, and the final prize is based on a random draw from every person who submits an answer. Even if you have no idea whatsoever for how to answer the questions, send in your best shot to be entered in the random draw. And now, without further ado, the curtain rises on our story...